The intersection of AI in digital marketing poses uncharted cybersecurity concerns for businesses globally. We spoke to Justin Aldridge, Technical Director at Artemis Marketing, to find out what organizations need to know.
As generative AI (GenAI) continues to transform how organizations approach operations, questions remain about AI’s propensity to aggregate, store, and misrepresent our data. A business function that relies so heavily on data to create personalized and seamless experiences, digital marketing and search optimization would, in theory, be augmented heavily with the help of AI.
However, while it can be tempting to entrust many resource-intensive and technical tasks to genAI, it poses another question: Could our increasing dependence on these evolving tools be exposing data and creating new security vulnerabilities?
It’s easy to look at AI solutions with rose-tinted glasses; despite their promises of excellent growth potential and scalability, we mustn’t ignore the potential for sophisticated cyber attacks that could plague systems via even the slightest weak spots.
There is a widespread belief that it’s not AI itself that’s the real danger to our data privacy and an organization’s cybersecurity posture, but rather those who leverage it for malicious purposes. It’s not the technology itself; it’s how it’s used. In a function so data-driven and metric-heavy as search engine optimization (SEO), the security implications can be severe.
Justin, you speak candidly about how generative AI has exploded and is now having a profound effect on modern search. From a technical perspective, give us your take on how AI is reshaping digital marketing and what changes you are seeing.
Justin: To say that AI has changed the game would be a massive understatement. We’re finding that more people are using tools like ChatGPT to search for information, find answers to their questions, and are looking for local businesses to help them.
These tools aren’t necessarily competing with Google, yet. The number of users using AI for searches is quite low, but those numbers are growing, to a point where tools like ChatGPT could be rivaling Google in a few years.
Also, Google’s Gemini-powered rollout of AI Overviews and its integration of AI Mode in search, suggest that it is noticing how receptive users are to chatbots that answer their queries. After all, if you were searching and a chatbot gave you what you were looking for, without you having to click through to various websites (while not being 100% reassured that a high-ranking website was going to answer your question), it’s a more positive experience.
The effect that’s having is that click-through rates from SERPs are going to take a hit as more people use GenAI tools to find what they need, which could reshape how we approach SEO for our clients who work across industries with varying levels of competitiveness.
We’re witnessing a shift from traditional SEO to a new and open-to-interpretation acronym called Answer Engine Optimization (AEO) or Generative Engine Optimization (GEO). We’re dealing with algorithms (powered by AI itself) that don’t just match keywords, yet interpret search intent, context, meaning, and even dialect and nuance. As a result, we have to continually adapt our clients’ marketing strategies to give them the best value. It’s not just about making pages rank. It’s about knowing how AI chatbots read them and decide which ones are worth showing in complex and personalized searches.
Our ARTEMIS INTELLIGENCE system is designed to understand LLMs, like those powering Gemini, AI Overviews, and AI Mode (and more, no doubt, to come in the coming weeks), and how they interpret, rank, and value content. But here’s where it gets interesting from a security standpoint: these AI systems are fundamentally different from traditional search engine algorithms. They’re learning and making decisions about user patterns that they have deciphered from vast datasets, and as a result, those decision-making processes aren’t always transparent or predictable.
So, how does this opacity in AI decision-making translate into potential security risks?
Justin: Think about it this way: search engine algorithms are now all AI-led. When businesses try to optimize their websites for search, they’re essentially giving AI algorithms free rein to scan and use their content. The LLMs and algorithms are scanning and validating this data, storing it in their banks, and giving it to users who search for queries they deem relevant, beyond keywords.
This fuels concerning scenarios from a security standpoint. Firstly, we’re seeing the beginnings of ‘algorithm dependency’, where businesses are becoming reliant on AI systems that they don’t fully understand to drive their online visibility, rankings, and revenue.
Secondly, perhaps more worryingly, the potential for misinformation still runs rife in AI chatbots. They all make up facts and data or link to potentially unverifiable sources. This misinformation can be maliciously used to create narratives or discourse that can dissuade users from certain websites, and this comes from very sophisticated manipulation tactics. Coupling this with the fact that these systems can generate convincing, contextually relevant, and seemingly ‘human’ content at scale makes it easy for malicious websites (that appear innocuous on the surface) to rank. That creates a scenario where malicious websites become harder to distinguish from legitimate ones, and the AI algorithm cannot recognize this malicious activity. Thus, it presents a result with information derived from a website it deems ‘relevant’ to users without much validity.
You mention AI-generated content being used maliciously. How significant is this threat in your experience?
Justin: It’s substantial. We’ve seen convincing-looking websites that have been entirely AI-generated, with realistic content, customer reviews, and even technical documents. Previously, Google would rank these sites based on how many keywords were on the site pages, but its algorithm has matured to recognize ‘black-hat’ tactics. However, these sites can still rank in search results if the content (however poor) matches what the user is looking for. The challenge is that the AI systems now evaluate content based on patterns rather than authenticity.
You could end up with a situation where an AI-generated site for a fake business appears ‘trustworthy’ to an algorithm that has no filter to recognize legitimacy or authenticity. This not only puts prospective customers at risk of buying from these fake websites but also puts the risk of the algorithm storing and learning more incorrect information. That creates a potential trust problem that we’re beginning to understand.
This is why we take great care in not only helping our clients create websites that satisfy Google’s E-E-A-T criteria for helpful, relevant content, and also prioritize building branded backlinks (which, admittedly, have seemingly decreased in importance in recent months) where more information can be fed to the algorithm about how reputable and sound the business is.
Beyond content manipulation, are there other security concerns businesses should be aware of when implementing AI-driven marketing strategies?
Justin: Absolutely. Many companies don’t realize that when they use AI tools to create content or analyze their marketing data, the sensitive business intelligence is uploaded to a proprietary third-party system (i.e., the chatbot’s index). This illustrates that too much reliance on AI poses an inherent security risk. There’s also the issue of AI systems learning from your data and potentially making that knowledge available to bad actors through subsequent interactions. It’s a privacy and competitive intelligence nightmare that many business owners may not have considered.
What are the long-term security implications of increasing AI dependence in marketing?
Justin: We’re entering a time when we need to harness AI to maintain our business competitive advantage while being mindful of the intricate security vulnerabilities. There’s no doubt that AI is here to stay, but we still don’t know a huge amount about it, and thus, when we discover our vulnerability, there’s every chance it might be too little, too late.
In my opinion, the businesses that will thrive are those that recognize AI as a powerful but potentially dangerous tool that requires careful human oversight and robust data privacy and security controls.
Integrating AI into marketing and search optimization is a tremendous opportunity and significant risk. The key is recognizing that these technologies require a fundamentally different approach to security, one that accounts for their opacity, scale, and potential for manipulation.
Chester Avey is a Freelance Writer based in the UK with more than 20 years’ experience in IT. He has extensive knowledge of today's evolving tech industry and enjoys writing authoritative articles and opinion pieces on a wide range of topics, including: digital marketing trends, AI, cybersecurity, software solutions, and e-commerce.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.